Current Windows Server Updates Cause Crashing & Rebooting Domain Controllers

Several significant interferences in the IT infrastructure across the world have been linked with recent Windows Server updates. Several reports have indicated that domain controllers have crashed and had to reboot. The problems have been linked to the cumulative updates KB503585 & KB5035857 from March 2024 for Windows Server 2016 and Windows Server 2022.

Impact on Domain Controllers

The Local Security Authority Subsystem Service (LSASS), a vital Windows operating system component in charge of managing user logins, access token creation, and password changes, has a memory leak that is the root of the issue.

The LSASS procedure is necessary to ensure that domain controllers, which are critical to the management of user authentication and network security in an organization's IT environment, run steadily. Administrators have noticed that following the installation of the March upgrades, domain controllers' LSASS memory use has been gradually rising.

This increase in resource usage ultimately causes the system to become unresponsive, which results in crashes and forced reboots. Such activity jeopardizes data integrity and network security while interfering with regular corporate activities.

Reasons behind Crashes & Reboots

The primary reason behind the update’s crashes & reboots is the LSASS memory leaks.  It happens when a program improperly handles memory allocations, which eventually exhausts the available memory and harms system stability & performance. When a memory leak happens in the LSASS process, it causes an unmanageable damage on domain controllers, requiring a crash as a last option to recover from the failure.

Affected Windows Server Versions

Windows Server 2016 and Windows Server 2022 are particularly impacted by the updates. Due to the widespread use of these versions in business settings, there may be a large impact on the issue across the world.

There have been reports of LSASS-related problems following Windows Server updates as well (in December 2022 and March 2022). These reports raise questions regarding the repetitive nature of such vulnerabilities.

Users’ Reactions & Comments

The interruptions have been widely discussed by the Sysadmin Community, with many using internet forums to exchange stories & solicit guidance. Remarks range from annoyance at these problems being recurring to worry about the absence of quick fixes.

While some users are waiting for Microsoft's official reaction, others are temporarily fixing the upgrades by rolling them back. One user's remark on the Microsoft Tech Community Exchange Team Blog, "This is a disaster," emphasizes the problem’s seriousness.

LSASS Process Memory Leak

Although the LSASS memory leak is not brand-new, Microsoft and its user community are concerned about its repetitiveness. The memory leak is causing the LSASS to gradually use more memory until it can no longer support the system. To keep the affected systems stable & secure, this problem needs to be addressed right away.

Microsoft has not yet made an official announcement or offered a fix for the domain controller issues. This scenario highlights its importance to properly test and ensure the integrity of software updates, especially when those upgrades impact important parts of the company's IT infrastructure.

System administrators are recommended to watch official channels for updates as the situation progresses and not to install these updates until a solution is verified.